Computer resource allocating method

ABSTRACT

When a load of a user is fluctuated, a data center dynamically changes resource allocation to the user according to the load and holds security for each user.  
     A control program on a data center managing server creates a VLAN configuration table so as to allocate a user-dedicated VLAN including plural network switches for each user company, thereby configuring the ports of a load balancer and network switches allocated to a user to the user-dedicated VLAN. A VPN is configured from the user to the data center, whereby a VLAN tagging technique is used to hold security of the user from the user to the data center. The control program compares a user condition setting table created along the service level agreement for each user with the monitoring result of the computer operating state (the CPU utilization history in a VLAN operation table) to dynamically change the computer allocation and VLAN configuration at unsatisfied agreement. Specifically, the VLAN configuration table and the VLAN operation table are changed to change the VLAN configuration in the load balancer and the network switches (in the case of the Web layer). The control program changes the parameter (the sever allocation history in the VLAN operation table) related to charge information based on that.

FIELD OF THE INVENTION

[0001] The present invention relates to a method for dividing andallocating resources in a computer system to each user, and morespecifically to a resource allocating method which, when processing arequest of plural users in a system having a plurality of computersinterconnected by a network, provides in real time a computer resourcenecessary to maintain an agreement with respect to the service contentspreviously arranged with each user and holds security between users.

BACKGROUND OF THE INVENTION

[0002] To reduce cost of an information department, a business form tooutsource in-company information system operation and company home pagemanagement to an ASP (Application Service Provider) is on the increase.There are many forms in such a manner that the ASP outsources computerresource supply and operating management to a data center operator.

[0003] The data center operator prepares a great number of computerresources which are divided to plural user companies for use so as toreduce its own operating cost and supply a service at low cost to theuser companies. To hold security between the user companies, generally,different computer resources and storage resources are often allocatedto each of the user companies.

[0004] Since a load of the user company is fluctuated depending on timeand season, there are many agreement forms to increase or decreaseallocated resources according to the load. In particular, whenundertaking company home page management, it is difficult to predict aload due to access from an indefinite number of consumers via theInternet. For this, the user company side makes an agreement with thedata center operator so as to increase for a certain period apredetermined number of computer resources by predicting load increase,for example, in a new product presentation. The data center operatorallocates the increased computer resources to another user company foranother period so as to make effective use of the resources. Tofacilitate such configuration change, the data center is configured sothat a load balancer is arranged before plural computer resources toallow a user company A to use the computer resources for a certainperiod and to allow a user company B to use them for another period. Anexample of the load balancer includes ACE director produced by Alteon(Nikkei Open Systems 1999. 12 No. 81 pp. 128-131). The load balancer ismanually configured based on the above agreement. When the storageresource must be increased, the storage contents must be duplicated.

[0005] Since the data center supplies different computer resources tomany user companies, a great number of computer resources must bemanaged, resulting in increased managing cost. It can be considered amethod in which a small number of computer resources each having highperformance, for example, high multiplex SMP computers are introducedand controlled so that plural user companies share them. To holdsecurity between the user companies, the function of a virtual computeris used. An example of the virtual computer includes a processorresource division managing function PRMF manufactured by Hitachi (HITACManual 8080-2-148-60). In the PRMF, plural OSes (operating systems) areoperated on one computer, and an independent resource, e.g., a mainmemory or network adapter is allocated to each OS. Since a resource isnot shared between the OSes, security between programs of different usercompanies executed on different OSes can be held. The PRMF is configuredso as to control CPU resource percentage allocated to each OS. Onlypreviously planned percentage change is enabled.

[0006] In general, the data center is used by plural users. A techniqueto hold security to maintain data independence for each user isconsidered. As the currently-known main security technique, VLAN(VPN/VLAN text published by Ascii Corp., pp. 31-42), VPN (VPN/VLAN textpublished by Ascii Corp., pp. 7-30), and FC zoning (SAN published byPiason Education, pp. 85-86) are known. The VLAN and the FC zoningtechniques realize logically grouped networks which disable access toeach other. The VPN is a technique to hold security for a user byencryption and packet priority control. The VPN can also guarantee anetwork use bandwidth. The zoning technique can control access to thestorage at the port of a storage network switch allocated to the user.For example, a user A can cope with an increased load by incrementingthe access priority so as to increase access to an LUN three times inevery ten access times of the user to the storage to access to the LUNfive times in every ten times. The security technique allows the user toaccess to and use user-dedicated data in the computer resource in thedata center without anxiety of security. The network manager typicallyplans and statically configures a VLAN, VPN and FC zoning, and does notchange the configuration when not required.

[0007] Finally, making of a service level agreement between the ASP, ISP(Internet Service Provider) and user is being typical. A service levelguarantee agreement including connectability, availability, and latencyperformance is made. There are many forms to make a compensatingagreement at an unsatisfied guarantee level.

[0008] The above prior art has the following problems.

[0009] In a method for manually configuring a load balancer and anetwork switch based on an agreement, it is difficult to cope with inreal time abrupt load fluctuation which can not be predicted on the usercompany side. This is the same for the case of allocating differentcomputers between users and the case of using a virtual computer.Further, the network mangers of both the user and the data center expendenormous efforts for system extension and holding of user's networksecurity. In an environment to dynamically change a networkconfiguration by load fluctuation, it is difficult to always manuallymanage the user's security.

SUMMARY OF THE INVENTION

[0010] An object of the present invention is to provide a method forholding user's security and reducing the load of the managers of a datacenter and a user even when a network is changed dynamically. Anotherobject of the present invention is to provide a method for changing anetwork configuration so as to correspond to the user's load peak whileholding the user's security when a network is changed dynamically and tohold a communication bandwidth only for the agreement contents made withthe user to maintain quality of a web service to the user.

[0011] The present invention prepares a user identification table andVPN, VLAN and storage network configuration definition tables which aremanaged in a managing server. A user company is specified in the useridentification table from a user request packet to a data center. On theother hand, a set of computers to execute a process to each user isdefined in the VLAN configuration definition table, which is thenconfigured in a load balancer and a network switch. The load balancerselects any one from the set of computers configured to execute a userrequest. When there are plural load balancers, the managing servercontrols this table to be matched between the load balancers. Themanaging server monitors the network bandwidth and configuration and theoperating state of each computer to check if a service level agreementis satisfied. If necessary, the network bandwidth and the computerresources are decreased or increased to be matched with the agreementcontents with the user and to change the VLAN configuration of the userfor holding security. Specifically, the network configuration definitiontable of the set of computers is changed to be re-configured for theload balancer and the network switch. The managing server createshistories of the computer resource amount allocated to the user and ofwhether the service level agreement is followed and creates chargeinformation.

[0012] Another embodiment of the present invention configures a datacenter with computers having a virtual computer mechanism. A virtualcomputer mechanism controlled by one OS is given to each user company. Amanaging server dynamically configures allocation of CPU time divisionutilization of each computer mechanism for the network bandwidth andeach computer for each user company. The managing server monitors thenetwork bandwidth and the operating state of each computer to check ifthe service level agreement is satisfied. If necessary, the networkbandwidth and the allocation of CPU time division utilization aredecreased or increased.

BRIEF DESCRIPTION OF THE DRAWINGS

[0013]FIG. 1 is an example of a data center and a user connected via theInternet;

[0014]FIG. 2 is an example of the configuration of the data center;

[0015]FIG. 3 is an example 1 of a VPN configured from the user to thedata center via a carrier;

[0016]FIG. 4 is an example 2 of a VPN configured from the user to thedata center via a carrier;

[0017]FIG. 5 is an example of a storage network configuration of thedata center of FIG. 2;

[0018]FIG. 6 is a list of VLAN-related information held by the datacenter managing server of FIG. 2;

[0019]FIG. 7 is a list of VPN-related information held by the datacenter managing server of FIG. 2;

[0020]FIG. 8 is a list of VPN-related information held by a userbandwidth managing server;

[0021]FIG. 9 is a list of VPN-related information held by a carrierbandwidth managing server;

[0022]FIG. 10 is a list of storage network-related information held bythe data center managing server of FIG. 2;

[0023]FIG. 11 is a list of packets processed in the data center from theuser;

[0024]FIG. 12 is a service level agreement input screen (optionselection screen);

[0025]FIG. 13 is a service level agreement input screen (for setting thedetail of a user condition);

[0026]FIG. 14 is a flowchart of initial allocation of the server, VLANand VPN of the data center of FIG. 2;

[0027]FIG. 15 is a flowchart of change of the network bandwidthallocation to the user;

[0028]FIG. 16 is a flowchart of change of the server and VLAN allocationto the user;

[0029]FIG. 17 is one example of the data center configuration using anLPAR server;

[0030]FIG. 18 is a service level agreement input screen (optionselection screen);

[0031]FIG. 19 is a service level agreement input screen (for setting thedetail of a user condition);

[0032]FIG. 20 is a list of VLAN-related information held by the datacenter managing server of FIG. 17;

[0033]FIG. 21 is a list of VPN-related information held by the datacenter managing server of FIG. 17;

[0034]FIG. 22 is a list of storage network-related information held bythe data center managing server of FIG. 17;

[0035]FIG. 23 is a list of packets processed in the data center of FIG.17;

[0036]FIG. 24 is a flowchart of initial allocation of the LPAR, VLAN andVPN of the data center of FIG. 17;

[0037]FIG. 25 is a flowchart of change of the allocation of CPUutilization to the user;

[0038]FIG. 26 is a change procedure related to each element of the VPN,VLAN and storage network when a load is increased;

[0039]FIG. 27 is a change procedure related to each element of the VPN,VLAN and storage network when a load is decreased;

[0040]FIG. 28 is a flowchart of change of the storage network allocationto the user;

[0041]FIG. 29 is VLAN-related information possessed by the data centermanaging server of FIG. 2 in the case of having a network switch with aport bandwidth control function;

[0042]FIG. 30 is an example for holding security by combining theuser-dedicated VPN router and VLAN without using VLAN tagging;

[0043]FIG. 31 is VLAN-related information possessed by the data centermanaging server of FIG. 17 in the case of having a network switch with aport bandwidth control function; and

[0044]FIG. 32 is a flowchart of change of the server and VLAN allocationwith power control.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0045] Embodiments of the present invention will be describedhereinbelow with reference to the drawings.

[0046] [1] First Embodiment

[0047] First, main drawings necessary to describe the embodiment will beexplained.

[0048]FIG. 1 shows an example in which a data center targeted in thepresent invention is connected to a user company A (AA0) and a usercompany B (BB0) via an Internet line company (carrier) (II0). FIG. 2shows the internal configuration of a data center DD0 of FIG. 1.User-dedicated VLANS V01 and V02 are configured for each of the users Aand B. FIGS. 3 and 4 respectively show VPN configurations from the userto the data center in this embodiment. FIG. 5 shows a main configurationof a storage network. User-dedicated zones Z01 and Z02 are configuredfor each of the users A and B. FIG. 6 is a diagram to collect serverallocation and VLAN-related information possessed by a managing serverC0 of the data center DD0. FIG. 7 is a diagram to collect VPN-relatedinformation possessed by the managing server C0 of the data center DD0.FIGS. 8 and 9 are diagrams to collect VPN-related information possessedby a user bandwidth managing server C10 and a carrier bandwidth managingserver C20, respectively. In the following description, the networkrefers to the Internet. One VPN router of the carrier and so on seems toexist in FIG. 1, but actually, plural VPN routers may exist. In thiscase, the control procedure is the same.

[0049]FIG. 10 is a diagram to collect storage network-relatedinformation possessed by the managing server C0 of the data center DD0.

[0050]FIG. 11 is a list of packets the user A uses for communication inexplaining the first embodiment. FIGS. 12 and 13 respectively show anexample of an input screen when the user company A makes a use agreementwith this data center. In the agreement of this example, the usercompany A uses all the web servers, AP servers, DB servers in the datacenter, and uses a network bandwidth of 1.5 Mbps to 5 Mbps.

[0051]FIG. 14 shows a procedure to allocate servers and a networkbandwidth to the user who makes an agreement when the system is startedup. FIG. 15 shows a procedure to dynamically add or reduce the networkbandwidth allocated to the user. FIG. 16 shows a procedure todynamically increase or decrease the number of servers allocated to theuser. FIG. 26 shows a control procedure related to each part of theVLAN, VPN and storage network when a load is increased. FIG. 27 shows acontrol procedure related to each part of the VLAN, VPN and storagenetwork when a load is decreased. FIG. 28 shows a procedure todynamically add or reduce the storage network bandwidth allocated to theuser. The embodiment will now be described. A client a0 of FIG. 1 has aprivate network address of an A company system and is connected througha VPN (Virtual Private Network) router A0 to a VPN router D0 of the datacenter via a VPN router I01 of the carrier. FIG. 2 shows theconfiguration of the data center DD0. This embodiment shows the case ofa three-layer configuration of web servers providing a web browserinterface to a user request, AP servers operating an application programproduced via the web server, and DB servers processing a database accessrequest from the application program.

[0052]FIGS. 12 and 13 respectively show one example of an input screenwhen the user company A makes a service level agreement with this datacenter. In this example, at least one web server, AP server and DBserver are allocated to the user company A and all of them are operatedat CPU utilization below 50%. In this agreement, when the utilization isabove 50%, the allocating number of the web servers, AP servers and DBservers is increased up to six. In the network bandwidth agreement,whether the user's use bandwidth is guaranteed or not is selected inFIG. 12. A specific use bandwidth agreement is made in FIG. 13. In thisexample, a checkmark is inputted to the use bandwidth guaranteeselection column on the input screen, and 1.5 Mbps at the minimum isallocated to the specific bandwidth for operation so that the bandwidthutilization is below 40%. When the bandwidth utilization is above 40%,an agreement to increase the bandwidth up to 5 Mbps is made.

[0053] Based on the above-mentioned agreement on the input screen, the Acompany is given a web server a10, an AP server a20 and a DB server a30,and the B company is given a web server b10, an AP server b20 and a DBserver b30. In this embodiment, one server is allocated to each layer ofthe user. Allocation of two or more servers may be considered. With aLUN (Logic Unit Number) unit of a storage s01, LU01 is allocated to theA company and LU02 is allocated to the B company. Servers y10, y20 andy30 are preliminary servers to be allocated when a load of the A companyand the B company is increased. y10, y20 and y30 are described to be onein number, but existence of two or more preliminary servers may beconsidered.

[0054] A representative IP address used by the A company is a100 for theweb server. The B company uses an IP address b100 for the web server.This embodiment describes one Web server, AP server, DB server andclient. When they are plural, the embodiment is the same.

[0055] Referring to the drawing, how the switches centering on theservers and the load balancer in this data center process a request ofthe user A using the servers a10, a20 and a30.

[0056] The configuration of a request packet sent out to the VPN routerA0 by the client a0 in FIG. 1 is as shown in FIG. 11(1) 1100. The headof the packet is an address of a destination server and the next is anaddress of the sending client. The VPN router A0 capsules the VPN whensending out the packet to the Internet line II0 to generate a packet1101 of FIG. 11(2). The VPN router D0 uncapsules this packet. Atechnique for capsuling and uncapsuling the packet is known.

[0057] When the packet 1101 of FIG. 11(2) inputted from a signal line I0is uncapsuled, a packet 1102 of FIG. 11(3) is generated and is outputtedto a load balancer LB01 via a signal line I1. The user accesses therepresentative addresses a100 and b100 configured for the load balancerto refer to information corresponding to a load balancer address tableT00 of FIG. 6 possessed by the data center managing server C0 with theload balancer LB01. The load balancer LB01 corresponds the destinationaddress a100 of the packet 1102 of FIG. 11(3) with informationcorresponding to the address reference table T00 of FIG. 6 set to theload balancer LB01 to generate a packet 1103 of FIG. 11(4) in which therepresentative address (virtual address) of each user is converted tothe address a10 of the real server. A technique itself for destinationselection and change is known. Information corresponding to the columnof port# (LB01) of a corresponding table T02 is referred to send thepacket 1103 only to a port belonging to the user-dedicated VLAN. FIG. 2shows the case of sharing an entry p000 of the load balancer LB01 byplural users (plural VLANs) with a VLAN tagging technique. Theuser-dedicated VLAN is configured in the data center for each user. TheVLAN tagging technique allows a packet having VLAN information (VLANtag) to be flowed from the user. The packet having VLAN information canbe flowed only through the same VLAN network. For this reason, securityof each user can be held. The table T02 of FIG. 6 shows a list of users,VLANs configured for the users, and servers and switch ports belongingto the VLANs. In other words, it shows with which server the serverallocated to the user can be communicated. The user locally configuresVLANs by plural network switches. Combination of the VLAN configurationscan configure the user-dedicated VLAN across plural units. For example,in the case of the user A, by interposing the web server a10, the LB01locally configures a VLAN to a port p001, the SW01 locally configures aVLAN to p101 and p201, and the two local VLANs are configured for thesame group to realize a user-dedicated VLAN across the LB01 and theSW01. When this effect is shown and the user A attempts to access theweb server b10, the access is denied because the web server b10 belongsto the VLAN V02 and the user A belongs to the VLAN V01.

[0058] The web server a10 receives the packet 1103 of FIG. 11(4) andgenerates a packet 1104 (FIG. 11(5)) which is an access request to a20when requiring access to the AP server as the result of web processing.This packet is received by the network switch SW01 via the port p101.The network switch SW01 is configured to information corresponding tothe column of port# (SW01) of the VLAN configuration table T02 of FIG.6, that is, so that the A p101 and p201 belong to the same VLAN. Thepacket 1104 (FIG. 11(5)) can be sent to the destination address a20.

[0059] Likewise, the AP server a20 generates a packet 1105 to beprocessed in the DB server a30. Similarly, the DB server a30 sends aresponse to the AP server a20, the web server a10 and the client a0, andpackets 1106 to 1110 a regenerated sequentially. This is the same forthe VLAN configuration.

[0060] When there is a request from the user company B, it passesthrough the VPN router D0 and the load balancer LB01 by the aboveprocedure and is processed in the servers b10, b20 and b30. (The packetform is the same and is not shown.)

[0061] As described above, the servers executing the processes of theusers A and B are divided into the VLAN to which the servers a10, a20and a30 belong and the VLAN to which the servers b10, b20 and b30belong.

[0062] In this explanation, it is considered the case that both theusers A and B desire a security service in FIG. 12 to configure auser-dedicated VLAN. When desiring the security service in FIG. 12, auser-dedicated VLAN is configured for each user. When not desiring it,the service is received by the VLAN shared by the users.

[0063] In FIG. 2, the managing server C0 monitors the operating state ofthe servers, load balancer, VPN router, and network switch via thesignal lines L01 to L08. The monitoring contents depend on the contentsof the service level agreement with the user, for example, CPUutilization. The monitoring program may be operated on the managingserver C0, and may be operated on the servers and the load balancer. Themanaging server C0 obtains the contents of the operation table (VPNoperating state table) of T05 of FIG. 7 related to the network bandwidthuse for each user from the VPN router D0 via the signal line L01.

[0064]FIG. 6 is a diagram showing information of the serverconfiguration and the VLAN configuration possessed by the managingserver C0. VPN-related information of the network bandwidth and storagenetwork-related information will be described later. T01 of FIG. 6 is auser condition setting table in which a control program P10 configuresit based on the service level agreement input screens of FIGS. 12 and13.

[0065] Thereafter, based on information of T01 of FIG. 6, the server andVLAN configuration table of T02 is created. In this agreement, the Acompany user is given at least one web server, AP server and DB server,all the given servers operate the program at CPU utilization below 50%,and if the utilization is above it, the number of servers is increasedup to six. Likewise, in the agreement, the B company user is given atleast one web server, AP server and DB server, all the given serversoperate the program at CPU utilization below 50%, and if the utilizationis above it, the number of servers is increased up to six. T02 alsoholds information of the security option service column inputted in FIG.12, and when inputting a checkmark to the column, a user-dedicated VLANis configured.

[0066] The control program P10 checks the monitoring result against theuser condition setting table T01 of FIG. 6, and checks if the currentresource allocation satisfies the service level agreement to store theresult into a server and LAN operation table T03 of FIG. 6. Into theserver and VLAN storage table T03 of FIG. 6, are recorded a list ofservers currently allocated to the user A, the column of allocation timehistory in each allocating number, and the column of a history of totaltime operated at above the CPU utilization set in the service level withrespect to all the servers given to the user A and total time operatedat below it. The column above the CPU utilization is recorded in thecase that a load which cannot be processed in the maximum number ofservers the user makes an agreement is included and in the case thatthere's a shortage of preliminary servers which cannot be allocated whenattempting to perform server allocation. Unless the monitoring resultsatisfies the service level agreement, the control program P10 increasesthe number of allocated servers. To manage server allocation, there areheld the column of server of the VLAN configuration table T02 of FIG. 6showing the identification of the user and the given server and the loadbalancer address correspondence table T00 which is a correspondencetable of virtual server name recognized by the user and the given realserver. The server and VLAN operation table T03 of FIG. 6 records ahistory of the number of allocated servers and charge-relatedinformation such as resource shortage time. Charging will be describedlater.

[0067] To perform the above control, a procedure in which the controlprogram P10 divides resources when the system is started up will bedescribed with FIG. 14.

[0068] First, information shown on the service level agreement inputscreens of FIGS. 12 and 13 is inputted (1401). The data center managingserver C0 creates the user condition setting table T01 (1402).

[0069] Information shown on the service level agreement input screen ofFIG. 13 is inputted to create a virtual addr column in the serveraddress correspondence table T00 by a virtual address inputted by theuser (1403). Server allocation is performed to the web servers, APservers and DB servers, respectively, to configure a user-dedicatedVLAN. A network bandwidth and a storage (LUN) allocated to the user areconfigured. Specifically, referring to the user condition setting tableT01, that each user should be given at least one server is detected toallocate a server, and the allocated server is described into the columnof the allocated server of the VLAN configuration table T02 (1404). Thestorage-side port and the router-side port connected to the server aredescribed into the column of port# of the VLAN configuration table T02to provide a VLAN configuration command to network switches SW01 toSW02. For example, in the case of the user A, a VLAN configurationcommand is provided to the network switch SW01 so that the ports p101and p201 belong to the same VLAN. Thereafter, a real addr column of theserver address correspondence table T00 is created (1405). Based on theuser condition setting table T01, a VPN configuration table T04 and astorage network configuration table T06 are created. The network andstorage network bandwidths are allocated and are then described into thecolumn of the bandwidth of the VPN configuration table T04 and thecolumn of the bandwidth of the storage network configuration table T06.The data center managing server provides a bandwidth configurationcommand to the user managing server and the carrier managing server toconfigure a bandwidth to each VPN router (1406). Specifically,information of the columns of the minimum and maximum bandwidths, thethreshold value of the bandwidth utilization, and the guaranteebandwidth in the VPN of T01 is sent to the user bandwidth managingserver via the signal line L0. The user bandwidth managing servercreates a VPN configuration table T08 using information in the columnsof the minimum and maximum bandwidths, the bandwidth utilization and theguarantee bandwidth in the user condition setting table T01 which isthen configured for the VPN routers A0 and B0. Likewise, the carrierbandwidth managing server creates a VPN configuration table T10 to beconfigured for the VPN router I01.

[0070] Finally, the copy of the created server address correspondencetable T00 is configured for the load balancer LB01 via the signal lineL02 (1407).

[0071] Based on the user condition setting table T01, the server andVLAN operation table T03 of FIG. 6, the VPN operation table T05 of FIG.7, and the storage network operation table T07 of FIG. 8 are created(1408). Specifically, columns to record a CPU utilization history and anetwork bandwidth utilization history to the user A are created.

[0072] Information necessary for resource division control is thusgenerated to be configured for the VPN router D0 and the networkswitches SW01 to SW03. The system operation can be started in a statewhere the resources are divided correctly.

[0073] A procedure in which the control program P10 changes serverallocation when a load is fluctuated will be described below with FIG.16. It will be described taking the Web server as an example.

[0074] As described above, the operation information of each server ismonitored to all the users via the signal lines L01 to L08 (1601). Theoperation information is summed for each user to be stored into theserver and VLAN operation table T03 of FIG. 6 (1602). After comparisonwith the user condition setting table T01 of FIG. 6 (1603), the resultis checked against the service level agreement to study whether serverdeallocation can be done (1604). As one example of a method for judgingwhether server deallocation can be done, a method for performingproportioning calculation to the product of CPU utilization and thenumber of servers. For example, the service level agreement of the userA has CPU utilization below 50%. Four web servers are currently given.When all the web servers have CPU utilization below 25%, it can bejudged that the number of the web servers can be decreased down to two.When plural users exist, a server deallocation process is performed toall the users, and then, a server allocating process is performed to allthe users. The web server a10 is deallocated here. When it can bedeallocated, the server a10 is removed from the column of the real addrof the address correspondence table T00. The load balancer LB01 iscommanded to configure the contents of the column of the real addr. Inthe VLAN configuration table T02 of the managing server, the ports p001and p101 connected to the server a10 removed from the columns of port#(LB01) and port#(SW01) are removed.

[0075] Thereafter, the port p001 of the LB01 connected to the web servera10 is removed from the VLAN to perform a process for removing the portp101 of SW01 from the VLAN. After a VLAN change process of therouter-side switch is terminated, a VLAN change process of thestorage-side switch is performed (1605).

[0076] The server a10 to which the deallocating process is notifiedterminates the process of the program to release the resource beingused. In other words, the contents are switched and disk cache is erased(1606).

[0077] The deallocated server notifies to the managing server C0 thatthe release is terminated. The managing server C0 waits for it to changethe column of the web server of the VLAN configuration table T02 of FIG.6. In the server and VLAN operation table T03, the parameter of chargeinformation such as a history of the number of servers (1607). In thisexample, the column of the history of the number of servers of theserver allocation history table of T03 discriminates between theallocation histories of the web servers, AP servers and DB servers forrecording. The unit price can be changed for the respective servers sothat a charge can be calculated by the product of the allocating numberfor the respective servers, the allocation time history and each unitprice. The web server is taken as an example. In the case of otherservers, there is no real address change command to the loaddistributor. Instead of that, server deallocation is notified to theapplication by some method to make a change of only VLAN to the port ofthe network switch.

[0078] Back to the description of FIG. 16, whether the number of theservers must be increased or not is studied (1608). Judgment how manyservers should be increased uses proportioning calculation likedeallocation. When the number of the servers must be increased, whetherthere is an available server allocated to web servers, AP servers and DBservers, respectively, is checked with reference to the VLANconfiguration table T02 (1609). When there is no available server, it isnotified to the operations manager. An unsatisfied service level whichdisables server allocation due to resource shortage and an unsatisfiedservice level due to user's agreement excess are discriminated forrecording (1610). When there is an available server, the required numberof the servers is selected from the available server y10 to be allocatedto the user which is then allocated to the user (1611). Thereafter, theserver allocated to the column of the web server of the VLANconfiguration table T02 of FIG. 6 is added. The columns of port# (SW01)and port# (LB01) are changed to the VLAN configuration table T02 of themanaging server so as to configure the contents of the column of port#(LB01) for the load balancer LB01 and the contents of the column ofport# (SW01) for the network switch SW01.

[0079] Thereafter, the VLAN of the user is changed in the order of thestorage-side port and the router-side port connected to the web serverso as to allocate to the VLAN a switch port p103 connected to the servery10 to be allocated on the SW01 side and a switch port p03 on the LB01side in that order (1612). Finally, the data center managing server C0changes y10 allocation to the column of the real addr in the loadbalancer address correspondence table T00 to command to the loadbalancer to configure it. Change of the contents of the load balancerLB01 and the network switch SW01 is confirmed. The parameter related tocharge information such as the number of allocated servers is changed(1613).

[0080] The web server is taken as an example. Change of the loadbalancer address correspondence table must be considered in the processof change. In the case of AP and DB servers, the load balancerconfiguration is not changed. Instead of that, server deallocation isnotified to the application by some method to change only the VLANrelated to the port of the network switch.

[0081] The procedure of the control program P10 on the managing serverC0 is described above.

[0082] As an advantage of this change method is that the utilization ofthe server resource in the data center is high since the serverallocation and deallocation is commanded from the user before providinga server allocation increase command to all the users, When the order isnot followed and server allocation to the user is performed previously,it is considered that there may be a shortage of the preliminary servertemporality. The server in which the server utilization of the user islow may be deallocated in the later server deallocation process. It ishard to say that the server resources are used efficiently. Networkbandwidth allocation and storage network bandwidth allocation areconsidered likewise.

[0083] A procedure in which the control program P10 changes network bandallocation of the Internet when a load is fluctuated will be describedwith FIG. 15. There are three cases by the VPN realizing method betweenthe user and the data center. A method for changing a VPN bandwidth isknown. Information possessed by the data center managing server will bedescribed here.

[0084] In FIG. 7, VPN-related information in the user condition settingtable T01 includes the columns of the minimum and maximum bandwidths andthe threshold value of the band utilization. The VLAN configurationtable T04 is a table for holding the condition in which the userconfigures the minimum bandwidth, the maximum bandwidth and the bandutilization to be created with reference to the user setting conditiontable T01. This is used to judge whether the service level agreement ofthe network bandwidth is satisfied. In the VPN operating state tableT05, for the bandwidth allocated to the user in each VPN router of theuser, carrier and data center, there exist the columns of a history oftime to satisfy the band utilization and time not to satisfy it and ahistory of the bandwidth allocated to the user from the minimumbandwidth to the maximum bandwidth.

[0085]FIG. 8 is a diagram summarizing information of VPN routers held bythe user bandwidth managing server. A VPN configuration table T08 is atable for holding the user setting condition of the minimum bandwidth,maximum bandwidth and the bandwidth utilization. In the VPN operatingstate table T09, for the bandwidth allocated to the user in VPN routerof the user, there exist the columns of a history of time to satisfy thebandwidth utilization and time not to satisfy it and a history of thenormalized bandwidth allocated to the user from the minimum bandwidth tothe maximum bandwidth. FIG. 9 is a diagram summarizing information ofVPN routers held by the carrier bandwidth managing server. A VPNconfiguration table T10 is a table for holding the user settingcondition of the minimum bandwidth, the maximum bandwidth and thebandwidth utilization. In a VPN operating state table T11, for thebandwidth allocated to the user in VPN router of the carrier, thereexist the columns of a history of time to satisfy the band utilizationand time not to satisfy it and a history of the bandwidth allocated tothe user from the minimum bandwidth to the maximum bandwidth. The T04has the column of a guarantee bandwidth which is filled in when the bandguarantee service is done in FIG. 12. When it is judged that the networkload of plural users is increased at the same point and the networkbandwidth of the plural users must be increased, to the user who desiresthe band guarantee service in FIG. 12, the network bandwidth allocationis changed in preference to a user who does not desire the bandwidthguarantee service.

[0086] The respective cases considered as VPN configuration will bedescribed below.

[0087] (1) A first case will be described. It is considered the casethat the VPN realizing method has three VPN routers of the data center,the carrier and the user, as shown in FIG. 3, and the data centermanaging server commands all the bandwidth changes. The description isprovided in comparison with the flowchart of the change of the networkbandwidth allocation to the user, to as shown in FIG. 15. The datacenter managing server monitors network bandwidth information in eachVPN router via the signal lines L01, L10 and L20 through the managingservers of the user and the carrier (1501), and sums operationinformation for each user which is then stored into the VPN operationtable T05 of FIG. 7. The data center managing server C0 compares thebandwidth utilization with the service level agreement (1503) to studywhether network bandwidth reduction can be done (1504). In considerationof the case that the configured bandwidth is 3 Mbps, the real usebandwidth is 0.5 Mbps and the threshold value of the band utilization is40%, bandwidth reduction can be judged. In the case of the VPN, afterthe bandwidth reduction process of all the users is performed likeserver allocation, a bandwidth addition process is performed. When thebandwidth is to be reduced, the data center managing server notifies aband reduction command to the managing servers of the data center, userand carrier via the signal lines L01, L10 and L20. The managing serverwho has received the notification commands the VPN router undermanagement to release the bandwidth being used. The order to release thebandwidth is performed in the order of the user, carrier and datacenter. When release of the bandwidth is terminated, the managing servernotifies it to the data center managing server. The managing server C0waits for it to change the VLAN operation table T05, change theparameter information related to charge such as a history of the usednetwork bandwidth is and change the VLAN operation tables T09 and T11 ofthe managing server of the user and the carrier (1505).

[0088] A process for increasing a network bandwidth will be describednext.

[0089] The data center managing server C0 compares the bandwidth useinformation with the service level agreement to study whether networkbandwidth addition must be done (1506). The data center managing serverC0 refers to the VPN configuration table T04 of FIG. 7 to check whetherthere is a bandwidth allocatable to the user (1507). When there is noavailable network bandwidth, it is notified to the operations manager.An unsatisfied service level due to bandwidth shortage and anunsatisfied service level due to agreement excess are discriminated forrecording (1508). For example, when the current user allocated bandwidthis 1.5 Mbps, the actual operating bandwidth is 1.2 Mbps, theuser-configured band width utilization is 40%, the available bandwidthis 1.5 Mbps and there is an available network, network allocationbandwidth addition to the user is command (1509). The network bandwidthis changed in the order of the data center, carrier and user. Thecontents of the VPN operation table T05 of FIG. 7 are changed. Theparameter information related to charge such as a use history of the usebandwidth is changed. The parameter information related to charge suchas a bandwidth use history of the VPN operation table T09 of FIG. 8 andthe VPN operation table T11 of FIG. 9 is changed (1510).

[0090] An advantage of this change method is that VPN network bandwidthsthrough the data center, carrier and user can be controlled together tocontrol the network bandwidth totally judging balance of the load of theentire VPN network and the network load of the server.

[0091] (2) In the configuration of FIG. 3, there is one more kind of VPNconfiguration method which is different from the case of (1). In thismethod, the data center managing server C0 previously configures anetwork bandwidth allocation judgment rule to the user bandwidthmanaging server C10 and the carrier bandwidth managing server C20 viathe signal lines L01, L10, L11, L20 and L21. This case will be describedin comparison with the flowchart of the change of the network bandwidthallocation to the user, as shown in FIG. 15. The data center managingserver C0 collects use states of the network bandwidth in the user,carrier and data center via the signal lines through the managingservers C10, C20 and C0. This information is used for charging. Themanaging servers of the user and carrier have the VPN configurationtable related to the network bandwidth configured from the data centermanaging server (the table T04 of FIG. 7, the table T08 of FIG. 8, andthe table T10 of FIG. 9) and the VPN operation table (the table T05 ofFIG. 7, the table T09 of FIG. 8, and the table T11 of FIG. 9). Each ofthe managing servers monitors network bandwidth use information (1501).The user managing server sums operation information to be stored intothe VPN operation table T09 of FIG. 8 (1502). Each of the managingservers compares the network bandwidth use information with the VPNconfiguration table (T04 of FIG. 7, T08 of FIG. 8, and T10 of FIG. 9)(1503), and checks the result against to the service level agreement tostudy whether network bandwidth reduction can be done (1504). As in thecase of (1), when bandwidth reduction can be done, the managing serverperforms network bandwidth reduction. The bandwidth reduction iscommanded to the router in the order of the user, carrier and datacenter while contacting between the managing servers. Thereafter, themanaging server which manages the VPN router which has performed thereduction process notifies, to the data center managing server,bandwidth information newly allocated to the user via the signal linesL01, L10 and L20. The data center managing server receives informationfrom the managing servers which has made the change, and then, changesthe bandwidth history of the VPN operation table T05 of FIG. 7 to changethe parameter information related to charge such as a history of thebandwidth used by the user (1505). At the same time, the user VPNoperation table T09 of FIG. 8 and the carrier VPN operation table T11 ofFIG. 9 are changed. Then, a network bandwidth addition process isperformed. The VPN routers of the data center, user and carrier comparethe network operating state with the VPN configuration table (the tableT04 of FIG. 7, the table T08 of FIG. 8, and the table T10 of FIG. 9) tostudy whether network bandwidth addition must be done (1506). As in thecase of (1), when network bandwidth increase must be done and there isan available network bandwidth managed by the managing servers, themanaging servers perform network bandwidth addition to the VPN routerunder management (1507). When there is no available network bandwidth,it is notified to the operations manager. An unsatisfied service leveldue to bandwidth shortage and an unsatisfied service level due toagreement excess are discriminated for recording (1508). Thereafter,bandwidth information newly allocated to the user is notified to thedata center managing server C0 via the signal line (1509). The networkbandwidth is changed in the order of the data center, carrier and userwhile contacting between the managing servers. The data center managingserver receives information from the VPN router which has made thechange to change the contents of the VPN operation table T05 of FIG. 7.At the same time, the VPN operation table T09 on the user bandwidthmanaging server and the VPN operation table T11 of the carrier bandwidthmanaging server are changed. Finally, the parameter information relatedto charge such as a history of the bandwidth used by the user is changed(1510).

[0092] An advantage of this change method is that control can beperformed quickly since the networks of the user, carrier and datacenter control monitoring and allocation judgment of the bandwidth use.

[0093] (3) As in FIG. 4, the data center operator and the carrieroperator are the same. In this case, it may be considered that the datacenter managing server C30 controls the VPN routers of the data centerand the user. As in the first case, the description is provided incomparison with the flowchart of the change of the network bandwidthallocation to the user, as shown in FIG. 15. The data center managingserver monitors network bandwidth information in each VPN router via thesignal lines L11 and L30 (the user bandwidth information is monitoredvia the user managing server) (1501). Operation information of thebandwidth utilization is summed for each user which is then stored intothe VPN operation table T05 of FIG. 7. In this case, the column of thecarrier does not exist (1502). The data center managing server C30compares the bandwidth utilization information with the service levelagreement (1503) to study whether network bandwidth reduction can bedone (1504). When the network bandwidth can be reduced, the data centermanaging server C30 notifies a bandwidth reduction command to the usermanaging server via the signal line. The bandwidth is reduced in theorder of the user and the data center. The user managing server whichhas notified it commands to release the bandwidth being used to the VPNrouter under management. When release of the bandwidth is terminated,the user managing server notifies it to the data center managing serverC30. The data center managing server C30 waits for it, and then, changesthe VPN operation table T05 of FIG. 7 to change the parameterinformation related to charge such as a history of the bandwidth used bythe user (1505). The routine is moved to a network bandwidth increasingprocess. The data center managing server C30 compares the bandwidthutilization information with the VPN configuration table T04 to studywhether network bandwidth addition must be done (1506). When it must beincreased, the data center managing server refers to the VPNconfiguration table T04 of FIG. 7 to check whether there is a bandwidthallocatable to the user (1507). When there is no available networkbandwidth, it is notified to the operations manager. An unsatisfiedservice level due to bandwidth shortage and an unsatisfied service leveldue to agreement excess are discriminated for recording (1508). Whenthere is an available network bandwidth, a network allocation bandwidthaddition command is provided to the user managing server (1509). Thenetwork bandwidth is changed in the order of the data center and user.Thereafter, the contents of the VPN operation table T05 are changed tochange the parameter information related to charge (1510).

[0094] As described above, when reducing the bandwidth, the user sidereduces it first and when increasing it, the data center side increasesit first.

[0095] The storage network dynamic change will be described. An overviewof the storage network is shown in FIG. 5. As described in the VLANconfiguration, the user-dedicated VLAN is configured from the loadbalancer to the DB server. The DB server, the storage network switch andstorage LUN allocated to the user are controlled to belong to the samezone. The data center managing server records configuration informationlike the storage network configuration table T06 of FIG. 10.

[0096]FIG. 10 will be described. FIG. 10 has the user condition 15setting table T01 created based on the service level agreement input ofFIG. 13 which holds the columns of the minimum bandwidth and the maximumbandwidth of the port of the storage network and the threshold value ofthe bandwidth utilization of the port of the storage network switch, andan agreement set by the user having an initial LUN access priority onthe service level input screen. In the storage network configurationtable T06, there are, along the contents of the user condition settingtable T01, the columns of the maximum and minimum bandwidths of thestorage network, the threshold value of the bandwidth utilization agreedin the Service Level Agreement (SLA), allocated LUN, LUN access initialpriority, belonging DB server, and port belonging to the zone, and thestorage network configuration is described thereinto. In the table T07,for the bandwidth allocated to the user of the user storage network,there exist the columns of a history of time to satisfy the bandwidthutilization and time not satisfy it due to service level agreementexcess, a history of the bandwidth allocated to the user from theminimum bandwidth to the maximum bandwidth, and a history of LUN accesspriority.

[0097] A zone technique is known. It is considered that a VLAN and azone are combined, as shown in FIG. 5, so that the user A attempts toaccess to LUN of the storage to be used by the user B. At this time, thestorage s01 refers to information corresponding to the storage networkconfiguration table T06 of FIG. 10. LUN LU02 of the user B belongs to azone Z02 and the user A belongs to a zone Z01. The access is denied. Theuser security is thus held.

[0098] A process of a storage network part when a load of the storagenetwork is fluctuated is considered. The data center managing server C0collects operating states related to the zones to be stored into thestorage network operation table T07. Specifically, the description isprovided in comparison with the flowchart of the storage networkallocation to the user, as shown in FIG. 28. The data center managingserver monitors bandwidth information of the storage network via thesignal line L08 (2801) and sums operation information for each user tobe stored into the storage network operation table T07 of FIG. 10(2802). The use bandwidth of the storage network switch SW03 is comparedwith the storage network configuration table T06 of FIG. 10 (2803).After checking against the service level agreement, whether networkbandwidth reduction can be done is studied (2804). In the storagenetwork, an increasing process is done after terminating the reducingprocess to all the users. When the network bandwidth can be reduced, themanaging server C0 changes the column of the access priority and thecolumn of the use bandwidth of the storage network configuration tableT06 of FIG. 10. A reduction request of the network bandwidth to bereduced is provided to the storage network switch SW03 via the signalline. The storage network switch SW03 which has received thenotification reduces the storage network bandwidth used by the user(2805). The storage network switch SW03 is notified by the signal lineto decrement the access priority to the LUN of the storage. For example,when reducing the bandwidth, an instruction to decrement the accesspriority to the LUN only by a predetermined amount is issued (2806). Thestorage network switch SW03 which has received the notificationdecrements the access priority of the storage. Thereafter, the column ofthe access priority of the storage network operation table T07 of FIG.10 and the column of the use bandwidth of the table T06 of FIG. 10 arechanged. The parameter information related to charge such as a historyof the bandwidth used by the user and a history of the access priorityis changed (2807).

[0099] The routine is moved to a storage resource increasing process.The data center managing server performs comparison with the storagenetwork configuration table T06 of FIG. 10 to study whether the networkbandwidth of the storage network must be added (2808). When it must beincreased, the data center managing server refers to the user conditionsetting table T01 to check if there is a bandwidth which can beallocated to the user (2809). When there is no available networkbandwidth, it is notified to the operations manager. An unsatisfiedservice level due to bandwidth shortage and an unsatisfied service leveldue to agreement excess are discriminated for recording (2810). Whenthere is an available storage network bandwidth, the data centermanaging server C0 changes the column of the access priority and thecolumn of the use bandwidth of the storage network configuration tableT06 of FIG. 10 and notifies to the storage network switch SW03 via thesignal line to increment the access priority to the LUN of the storage.For example, when increasing the bandwidth, a command to increment theaccess priority to the LUN by a predetermined amount is provided. Thestorage network switch SW03 which has received the notificationincrements the access priority of the storage (2811). A storage networkallocation bandwidth addition command to the user is provided to thestorage network switch SW03 (2812). Thereafter, the data center managingserver changes the column of the access priority of the storage networkoperation table T07 of FIG. 10 and the column of the use bandwidth ofthe table T06 of FIG. 10. The parameter information related to chargesuch as a history of the storage network bandwidth used by the user anda history of the access priority is changed (2813).

[0100] When the procedure to change the storage network bandwidth andthe access priority is reversed, in the case that requests are floodedinto the storage in the storage network, access busy to the storage iscaused, resulting in lowered performance. This change order is thusessential.

[0101]FIGS. 26 and 27 summarize the resource allocation change procedureof the entire system having the user, carrier and data center describedin this embodiment of this invention when the user load is increased anddecreased.

[0102] The configuration of FIG. 26 showing the change procedure whenthe system load is increased is divided into the VPN change part from2606 to 2608, the VLAN change part from 2603 to 2605, and the storagenetwork change part from 2601 to 2602. For the process change order, inthe groups of the VPN part from 2606 to 2608, the VLAN part from 2603 to2605, and the storage network part from 2601 to 2602, change is made inorder which is essential in the meaning that lowered security anddeteriorated web service are not caused by the change and in the meaningthat the web service is not deteriorated in the course of the change inthe order of the storage network, VLAN and VPN group. A specific exampleis shown. When the change order of the VPN change part is not followed,it is considered the case that when the network load is large, thebandwidth addition of the data center entry is changed after changingthe bandwidth addition of the user's network exit. Access to the datacenter is concentrated to deteriorate the web service quality caused bythe network busy of the data center. Further, the case of not followingthe change order of the VLAN part is considered. For example, when theweb server y10 is considered to be allocated to the user A network inFIG. 2, the VLAN is changed in the order of LB01 and SW01 to access theidle server in the data center. There is a possibility that the systemsecurity may not be held.

[0103] The configuration of FIG. 27 shows the change procedure when thesystem load is decreased. In the groups of the VPN change part from 2701to 2703, the VLAN change part from 2704 to 2706, and the storage networkchange part from 2707 to 2708, change is made in order. The changeprocedure is essential in the meaning that lowered security anddeteriorated web service are not caused by the change and in the meaningthat the web service is not deteriorated in the course of the change inthe order of the VPN, VLAN and storage network groups.

[0104] The case of not following the change order of the VLAN part isconsidered. For example, when the web server a10 is considered to bedeallocated from the user A network in FIG. 2, the VLAN is changed inthe order of SW01 and LB01 to access other idle servers in the datacenter. There is a possibility that the system security may not be held.

[0105] Change policies related to this change will be described below.

[0106] (i) When the system load is large, change is made from the deeplayer to the surface layer; and

[0107] (ii) When the system load is small, change is made from thesurface layer to the deep layer.

[0108] Finally, charging of this system will be described. It is dividedinto three parts of the VPN, VLAN and storage network to charge to theuser for the total of charges in each part. (The data center includes acharge of the carrier).

[0109] (i) About the VPN Part

[0110] A charge is determined by (fee of allocated bandwidth in unittime×allocation time to user−basic penalty of unsatisfied bandwidthagreement×time of unsatisfied bandwidth agreement due to networkresource shortage)×(weighting coefficient). In other words, the penaltyis subtracted from the use fee of total use time.

[0111] The basic fee of the bandwidth is changed stepwise depending onthe magnitude of the bandwidth allocated to the user.

[0112] The allocated bandwidth fee defines b as a bandwidth and b isexpressed to be normalized. At this time,

[0113] P(b): Use fee per unit time in the case of the network bandwidthb allocated to the user; and

[0114] T(b): Time in which the network bandwidth b is allocated to theuser.

[0115] Then, a charge of the total use time of the user is allocated by:

Σ_(b)P(b)×T(b)  (Equation 1)

[0116] Various fee settings for P(b) are considered like step functionand proportioning function by b value. The (weighting coefficient) istypically 1, and is a coefficient having a value larger than 1 whenselecting the band guarantee service in FIG. 12.

[0117] (ii) About the VLAN Part

[0118] A charge is determined by (basic fee of one server×the allocatingnumber to user×allocation time to user−basic penalty of unsatisfiedservice level agreement×the allocating number to user×time ofunsatisfied service level agreement due to server shortage)×(weightingcoefficient).

[0119] The basic concept of charging of the total use time of the useris similar to equation 1 of (i). The (weighting coefficient) istypically 1, and is a coefficient having a value larger than 1 whenselecting the security option service in FIG. 12. The server use fee isa total calculated for the web, AP and DB layer. Similar to the VPN partof the (i), the basic fee of the server is changed stepwise depending onthe number of servers allocated to the user.

[0120] (iii) About the Storage Network Part

[0121] A charge is determined by (basic fee of allocated bandwidth inunit time)×(allocation time to user+basic fee corresponding to accesspriority of unit time)×(setting time of access priority to user−basicpenalty of unsatisfied service level agreement)×(time of unsatisfiedbandwidth agreement due to network resource shortage).

[0122] The basic concept of charging of the total use time of the useris similar to equation 1 of (i). The bandwidth basic fee is changedstepwise depending on the magnitude of the bandwidth allocated to theuser.

[0123] [2] Second Embodiment

[0124] An embodiment in which a data center is configured using a highmultiplex SMP server equipped with a partition function virtual computerfunction PRMF will be described.

[0125] First, main drawings for describing the embodiment will beexplained. FIG. 17 shows the internal configuration of a data center inthe case of using an LPAR server. FIGS. 18 and 19 show one example of aninput screen when the user company A makes a use agreement with thisdata center. FIG. 20 shows a list of VLAN-related information possessedby the managing server. FIG. 21 shows a list of VPN-related informationpossessed by the managing server. FIG. 22 shows a list of storagenetwork-related information possessed by the managing server. FIG. 23shows a list of packets used in the embodiment. FIG. 24 shows aprocedure for allocating the CPU utilization of the server to the userwho makes the agreement. FIG. 25 shows a procedure to dynamicallyincrease and decrease the CPU utilization of the server allocated to theuser.

[0126] The embodiment will now be described. The connection diagram ofthe data center to the user is similar to FIG. 1.

[0127]FIG. 17 shows the case of connecting one web server, one AP serverand one DB server with the virtual computer function PRMF. The internalconfigurations of the AP server P02 and the DB server P03 are similar tothat of the web server P01, and the description thereof is omitted.

[0128]FIGS. 18 and 19 are one example of the service level agreementinput screen. This example is an agreement for the user company A tocontrol the allocation of CPU utilization of all of the web server, APserver and DB server by the PRMF function to be always above 50%.

[0129] Back to FIG. 17, the web server P01 has a control unit CL100, anLPAR control register CL101, CPUs cP01 and CP02, a memory M01, andnetwork adapters t100 and y100. The LPAR is an abbreviation of logicalpartition. The LPAR control register CL101 holds a dividing method ofresources given to each OS.

[0130] As shown in FIG. 20, LPAR# is an identifier unifically given toeach partition. One network adapter handles plural users. A networkadapter address described later is configured by the control program P10so as to correspond with an address input from each user on the servicelevel agreement input screen of FIG. 19. The VLAN tugging technique canconfigure plural VLANs to one port. Plural addresses can be alsoconfigured for one network adapter. In FIG. 19, the user A has the webserver address a100, the AP server address a200, and the DB serveraddress a300. The user B is allocated the web server address b100, theAP server address b200, and the DB server address b300.

[0131] The coming-in user request packet is handed to the program on theOS of the corresponding LPAR. The allocation of CPU utilization columnshows at what percentage the OS belonging to each LPAR and the programthereon are operated on the CPU. The control unit CL100 refers to thisinformation to control the operating percentage of LPAR.

[0132] In this embodiment, the LPAR uniquely corresponds with the useridentifier possessed by the data center managing server C0. PRMF controland VLAN configuration to the switch connected to the server prevent theresources from being shared between different users. The securitybetween the users can be held. Communication from the user to the datacenter can be allowed only in the VLAN shown by the VLAN tag given tothe packet by the VLAN tagging. Thus, the security from the user to thedata center can be held.

[0133] Similar to the first embodiment, the case of transmitting theuser request to the client a0→the web server a100→the AP server a200→theDB server a300→the AP server a200→the web server a100→the client a0 isconsidered. The client a0 generates a packet 2300 of FIG. 23(1). Similarto the first embodiment, a packet 2301 is generated by the VPN router A0of FIG. 1 and a packet 2302 is generated by the VPN router D0. 049

[0134] The packet 2302 is handed to the network adapter t100 having theaddress a100 via the signal line L0 and is handed to the applicationprogram on LPAR#0, that is, the application program of the user A. Thisprogram generates a packet 2304 having the address a200 which is handedto the application program of the A company on the AP server P02 and theapplication program of the A company on the DB server P03. There are theaddresses a100 and b100 on the network adapter t100 of the web serverP01 which correspond with LPAR#0 and 1, respectively. (Although notshown, there are the addresses a200 and b200 on the network adapter t200in the AP server P02 which correspond with LPAR#0 and 1 like the Webserver. The LPAR#0 and 1 correspond with the users A and B. This is thesame for the DB server P03). Similarly, a response from the DB serverP03 to the AP server P02, web server P01 and client a0 can be executedby the application program on the LPAR correctly allocated to the Acompany. It is similar to the first embodiment, and the descriptionthereof is not described in detail. The above operation sequentiallygenerates the packets 2306 to 2309 of FIG. 23. If the client of the Acompany accesses the partition of the B company, VLANs belonging to theusers A and B are different in the VLAN configuration table T22 of FIG.20 to deny the access. The security for each user can be thus held. Thecase that there are plural users and one network adapter is given toeach of the users is considered to be a modification of the VLAN part.In this case, a VLAN with respect to the port of the network switch isconfigured for each of the users via the network adapter of each of theusers. The security can be thus held.

[0135]FIG. 20 is a diagram showing information of the serverconfiguration and VLAN configuration possessed by the managing serverC0. T22 is a VLAN configuration table which has the server column,network switch column, address column, and LPAR column and realizesconfiguration so as to belong to one VLAN for each user across pluralnetwork switches. A table T21 is a user condition setting table and hasthe contents of the columns of the upper limit and lower limit of theCPU utilization to each partition of the agreement inputted by the useron the service level agreement input screen and the threshold value ofthe CPU utilization agreed with the user. A table T23 of FIG. 20 is aserver and VLAN operation table and information is inputted to thecolumns of allocated LPAR, a history of allocation of CPU utilizationand an allocated CPU utilization history. Finally, a CPU allocationtable T24 has as information the column of the allocation of CPUutilization currently allocated to each user. In this case, an agreementis made with the A company so that in any of the web server, AP serverand DB server, the CPU utilization in the LPAR does not exceed 50% andthe allocation of CPU utilization of the LPAR is changed within therange of 20% to 70%.

[0136] The control program P10 checks the monitoring result obtainedfrom the signal lines L01 to L08 against the user condition settingtable T21 of FIG. 20 to check whether the current resource allocationsatisfies the service level agreement, thereby normalizing and storingthe result into the column of the CPU utilization history of the serverand VLAN operation table T23 of FIG. 20. For example, it records the CPUutilization history in the LPAR corresponding to the user #0. For thisreason, the CPU allocation table T24 identifying the user and theallocation of CPU utilization is held. The CPU allocation table T24holds the same contents as the column of allocation of CPU utilizationof the LPAR control registers in the web server, AP server and DBserver. The operation of the parameter information column related tocharging of the server and VLAN operation table T23 is similar to thefirst embodiment.

[0137] To perform the above control, a procedure in which the controlprogram P10 divides the resources will be described with FIG. 24.

[0138] First, information shown on the service level agreement inputscreen of FIGS. 18 and 19 is inputted to create a user condition settingtable T21 (2401). Along information related to the minimum and maximumbandwidths and the bandwidth utilization, a VPN configuration table iscreated in the data center managing server, the user bandwidth managingserver and the carrier bandwidth managing server. Information related tothe minimum and maximum bandwidths and the bandwidth utilization isconfigured for the VPN router of the user, carrier and data center viathe signal line L0 (2402).

[0139] Further, information shown on the service level agreement inputscreen of FIG. 19 is inputted to create the column of upper limit andlower limit of the allocation of CPU utilization, the column of themaximum and minimum bandwidths and the column of the user's bandwidthutilization of the user condition setting table T21 of FIG. 20, and thecolumn of the network adapter of the VLAN configuration table T22(2403).

[0140] Referring to the user condition setting table T21 of FIG. 20,that the allocation of CPU utilization of a minimum of 20% is performedto the user A and the allocation of CPU utilization of a minimum of 20%is performed to the user B is detected to create the column of theallocation of CPU utilization of the CPU allocation managing table T24and the VLAN configuration table T22 (2404). The contents of the VLANconfiguration table T22 are configured for the LPAR control registers inthe servers P01, P02 and P03 of FIG. 17 via the signal lines L01 to L08(2405). The storage-side port and the router-side port connected to theserver are described into the column of port# of the VLAN configurationtable T22 to provide a VLAN configuration command to the networkswitches SW10 to SW12 (2406). The network and storage network bandwidthsare allocated and are described into the column of the bandwidth of theVPN configuration table T25 as shown in FIG. 21 and the column of thebandwidth of the storage network configuration table T27 as shown inFIG. 22, thereby providing a bandwidth configuration command to the VPNrouters and the network switch SW13 (2407).

[0141] Based on the user condition setting table T21, the server andVLAN operation table T23 of FIG. 20, the VPN operation table T26 of FIG.21, and the storage network operation table T28 of FIG. 22 are created(2408). Specifically, the columns to record the CPU utilization historyand the network bandwidth utilization history to the user are created.

[0142] Information necessary for resource division control is generatedand is configured for the VPN router r01, SW10 to SW13, and servers P01,P02 and P03. The system operation can be started in a state that theresources are divided correctly.

[0143] A procedure in which the control program P10 changes thepartition allocation when a load is fluctuated will be described belowwith FIG. 25.

[0144] The operation information collection (2501), the operationinformation summing (2502), and comparison with the service levelagreement (2503) are the same as the first embodiment. Whether theallocation of CPU utilization can be reduced is studied (2504). When itcan be reduced, the contents of the LPAR control registers of thecorresponding server are commanded to be changed. The judging methodwhether it can be reduced or not is the same as the first embodiment.After the change termination, the parameter related to charge is changed(2505). In this example, histories of the allocation of CPU utilizationand allocation time are recorded. As one example of the chargecalculation, it can be considered a method in which the use unit priceper unit time is determined for the web server, AP server and DB serverto charge the total of unit price×CPU utilization.

[0145] Whether the allocation of CPU utilization should be increased isstudied (2506). When it must be increased, whether the allocation of CPUutilization configured for the corresponding server can be increased ischecked (2507). When allocation can not be done, it is notified to theoperations manager. An unsatisfied service level due to CPU abilityshortage and an unsatisfied service level due to agreement excess arediscriminated for recording (2508). The contents of the LPAR controlregisters of the corresponding server are commanded to be changed. Afterwaiting for change termination, the parameter information related tocharge is changed (2509).

[0146] The change is performed in the VPN and storage network dependingon the operating state. The changing method is entirely the same as thefirst embodiment, and the description thereof is omitted.

[0147] Finally, charging will be described. The charging of the VPN andstorage network are entirely the same as the first embodiment. Chargingof the VLAN part is performed as follows: (basic fee related toallocation of CPU utilization per unit time×allocation of CPUutilization to user×allocation time to user−basic penalty of allocationof CPU utilization per unit time of unsatisfied service levelagreement×allocation of CPU utilization to user×time of unsatisfiedservice level agreement due to CPU resource shortage)×(weightingcoefficient)

[0148] Here, the (weighting coefficient) is typically 1 and is acoefficient having a value larger than 1 when selecting the securityservice in FIG. 18.

[0149] [3] Modification of the First Embodiment

[0150] (a) As a modification 1 of the first embodiment, it can beconsidered the case that the data center of FIG. 2 performs bandwidthallocation dynamic change and bandwidth guarantee related to the portbandwidth of the port of the network switches (SW01 to SW02) belongingto the user-dedicated VLAN. In such a case, it can be considered thecase that the user VLAN traffic and other traffics of access from theInternet share the same switch port. The resource allocation dynamicchange method and charging method in the operating state of the VPN partand the storage network part are entirely the same as the typical caseof the first embodiment, and the description thereof is omitted.

[0151]FIG. 29 is a diagram showing information of the VLAN partpossessed by the managing server C0. The load balancer addresscorrespondence table T00 has the same information of the typical case ofthe first embodiment. The characteristic point of this modification asinformation of the VLAN part possessed by the managing server C0 will bedescribed with reference to FIG. 29. There is a table T31 which adds tothe user condition setting table T01 of FIG. 6 the columns of themaximum and minimum allocated bandwidths and the threshold value of thebandwidth utilization of the load balancer LB01 and the network switchesSW01 and SW02. There are also a VLAN configuration table T32 which addsto the VLAN configuration table T02 of FIG. 6 the columns of the maximumand minimum bandwidths and the threshold value of the bandwidthutilization of the LB01 and the network switches SW01 and SW02; and aVLAN configuration table T33 which adds to the server and VLAN operationtable T03 of FIG. 6 the columns of the bandwidth utilization history ofthe LB01 and the network switches SW01 and SW02.

[0152] A method for changing server allocation when the system isstarted up will be described. A procedure for configuring auser-dedicated VLAN to the user is entirely the same as the typical caseof first embodiment up to network switch port allocation to the VLAN.After port allocation to the user VLAN, following information of thecolumns of the maximum and minimum bandwidths and the bandwidthutilization of the user condition setting table T01 of FIG. 29 createdalong the contents configured on the service level agreement inputscreen of FIGS. 12 and 13, bandwidth allocation is performed to each ofthe ports allocated to the user-dedicated VLAN by entirely the samemethod as the VPN bandwidth allocating method. After bandwidthallocation to the port belonging to the VLAN, VPN configuration andstorage network configuration are done to divide the resources.

[0153] A procedure in which the control program P10 of FIG. 29 changesserver allocation when a load is increased will be described. In theflowchart of FIG. 16, the step up to 1603, that is, the step ofoperation information collection to comparison with the service level isthe same as the typical embodiment. After comparison with the column ofthe bandwidth of the user condition setting table T01 of FIG. 29, theresult is checked against the service level agreement to study whethernetwork bandwidth reduction can be done. The data center managing serverprovides a bandwidth reduction request to the port bandwidth to bereduced. The bandwidth changing method is conducted in the order of theLB01 port, SW01 port and SW02 port in FIG. 2. (In the case of the userA, the bandwidth is changed in the order of p001, p101, p201, p301 andp401.) The step of 1604 to 1612 of FIG. 16 including change of the VLANto the port connecting the server, the server deallocation process, andthe server allocation process is the same as the typical embodiment.After server allocation and change of the VLAN to the port connectingthe server, comparison with the column of the bandwidth of the usercondition setting table T01 of FIG. 29 is done, and then, the result ischecked against the service level agreement to study whether networkbandwidth addition can be done. The data center managing server providesa bandwidth addition request to the port bandwidth to be added. Thebandwidth changing method is done in the order of the SW02 port, SW01port and LB01 port in FIG. 2. (In the case of the user A, the bandwidthis changed in the order of p501, p401, p301, p201, p101 and p001.) Theprocess after that is entirely the same as the flowchart of FIG. 16.

[0154] Finally, charging of the VLAN part will be described. Thecharging to this modification adds an item of the bandwidth use to thecharging of the VLAN part of the first embodiment and can be expressedas follows.

[0155] (basic fee of one server per unit time×the number of serversallocated to user×allocation time to user−basic penalty of unsatisfiedservice level agreement per unit time×the number of servers allocated touser×time of unsatisfied service level agreement due to servershortage)×(weighting coefficient 1)+(basic fee of bandwidth of networkswitch port per unit time ×allocation time to user−basic penalty ofunsatisfied bandwidth agreement of network switch port×time ofunsatisfied bandwidth agreement due to network resource)×(weightingcoefficient 2)

[0156] The (weighting coefficient 1) is typically 1 and is a coefficienthaving a value larger than 1 when selecting the security service in FIG.12. The (weighting coefficient 2) is typically 1 and is a coefficienthaving a value larger than 1 when selecting the bandwidth guaranteeservice in FIG. 12. The basic idea is the same as the typical case ofthe first embodiment.

[0157] The basic fee of the bandwidth of the network switch port ischanged in steps depending on the magnitude of the bandwidth allocatedstepwise to the user.

[0158] (b) As a modification 2 of the first embodiment, theconfiguration having the user-dedicated VPN router and port of the loadbalancer, as shown in FIG. 30, is possible. In the configuration of thisembodiment, each user can be identified, not by the VLAN tagging ivtechnique, but by VLANID configured for the port of the user-dedicatedVPN router and port of the load balancer. A series of operation is thesame as the first embodiment.

[0159] (c) FIG. 32 shows a flow of change of server and VLAN allocationof a modification 3 of the first embodiment. In the data center of FIG.2, there is a case of power control so as to turn on a server allocatedwhen the server is allocated to the user and to turn off a serverremoved from the user allocation when the server is removed from theuser. In this case, in comparison with FIG. 16 showing the flow making aserver allocation change to the user, operation is done in accordancewith FIG. 32 which adds a step (3212) for turning on the serverallocated immediately before server allocation to the user and a step(3207) for turning off the server after removing the server allocationfrom the user. A series of operation other than two added steps is thesame as the first embodiment.

[0160] [4] Modification of the Second Embodiment

[0161] (a) As a modification of the second embodiment, there will bedescribed the case that the data center of FIG. 17 performs bandwidthallocation dynamic change and bandwidth guarantee related to the portbandwidth of the port of the network switches (SW10 to SW12) belongingto the user-dedicated VLAN. The resource allocation dynamic changemethod and charging method by the operating state of the VPN part andthe storage network part are entirely the same as the typical case ofthe first embodiment, and the description thereof is omitted.

[0162]FIG. 31 is a diagram showing information of the VLAN partpossessed by the managing server C0. The CPU allocation table T24 hasthe same as the typical case of the second embodiment. FIG. 31 has auser condition setting table T41 which adds to the user conditionsetting table T21 of FIG. 20 the columns of the maximum and minimumbandwidths and the bandwidth utilization of the SW10 and networkswitches SW11 and SW12; a VLAN configuration table T42 which adds to theVLAN configuration table T22 information of the columns of the maximumand minimum bandwidths and the bandwidth utilization of the SW10 andnetwork switches SW11 and SW12; and a VLAN configuration table T43 whichadds to the server and VLAN operation table T03 of FIG. 6 the column ofa bandwidth utilization history of the SW10 and network switches SW11and SW12.

[0163] A method for changing server allocation when the system isstarted up will be described. A procedure for configuring auser-dedicated VLAN is entirely the same as the typical case of secondembodiment up to network switch port allocation to the VLAN. After portallocation to the user VLAN, following information of the columns of themaximum and minimum bandwidths and the bandwidth utilization of the usercondition setting table T41 of FIG. 31 created along the contentsconfigured on the service level agreement input screen of FIGS. 18 and19, bandwidth allocation is performed to each of the ports allocated tothe user-dedicated VLAN by entirely the same method as the VPN bandwidthallocating method. After bandwidth allocation to the port belonging tothe VLAN, VPN configuration and storage network configuration are doneto divide the resources.

[0164] A procedure in which the control program P10 of FIG. 31 changesserver allocation when a load is increased will be described. In theflowchart of FIG. 25, the step up to 2503, that is, the step ofoperation information collection to comparison with the service level isthe same as the typical embodiment. After comparison with the column ofthe bandwidth of the user condition setting table T21 of FIG. 31, theresult is checked against the service level agreement to study whethernetwork bandwidth reduction can be done. The data center managing serverprovides a bandwidth reduction request to the port bandwidth to bereduced. The bandwidth changing method is conducted in the order of theSW10 port, SW11 port and SW12 port in FIG. 17. (In the case of the userA, the bandwidth is changed in the order of p001, p101, p201, p301 andp401.) The step of 2504 to 2506 of FIG. 25 including the reductionprocess and the addition process of allocation of CPU utilization is thesame as the typical embodiment. After adding allocation of CPUutilization, comparison with the column of the bandwidth of the usercondition setting table T41 of FIG. 31 is done, and then, the result ischecked against the service level agreement to study whether networkbandwidth addition can be done. The data center managing server providesa bandwidth addition request to the port bandwidth to be added. Thebandwidth changing method is done in the order of the SW12 port, SW11port and LB10 port in FIG. 17. (In the case of the user A, the bandwidthis changed in the order of p501, p401, p301, p201, p101 and p001.) Theprocess after that is entirely the same as the flowchart of FIG. 25. Thecolumn of the bandwidth utilization history of the server and VLANoperation table T43 is changed. The parameter related to charge ischanged.

[0165] Finally, charging of the VLAN part will be described. Thecharging method of this modification adds an item of the bandwidth useto the charge of the VLAN part of the first embodiment and can beexpressed as follows.

[0166] (basic fee of allocation of CPU utilization per unittime×allocation of CPU utilization to user×allocation time to user−basicpenalty of unsatisfied service level agreement per unit time×allocationof CPU utilization to user×time of unsatisfied service level agreementdue to CPU resource shortage)×(weighting coefficient 1)+(basic fee ofbandwidth of network switch port per unit time×allocation time touser−basic penalty of unsatisfied bandwidth agreement of network switchport×time of unsatisfied service level due to network resourceshortage)×(weighting coefficient 2)

[0167] The (weighting coefficient 1) is typically 1 and is a coefficienthaving a value larger than 1 when selecting the security service in FIG.18. The (weighting coefficient 2) is typically 1 and is a coefficienthaving a value larger than 1 when selecting the bandwidth guaranteeservice in FIG. 18. The basic idea is the same as the typical case ofthe first embodiment.

[0168] The basic fee of the bandwidth in the network switch port ischanged in steps depending on the magnitude of the bandwidth sitallocated stepwise to the user.

[0169] As described above, the present invention can give a networkconfiguration table for each user company, give a network bandwidth andcomputer resources based on this, and automatically compares themonitoring result of the operating state of the network and computerwith the service level agreement for each user to increase or decreasethe amount of network resource and computer resource. This can changecomputer resource allocation in real time to abrupt load fluctuation theuser company side cannot predict. In addition, the server of the usercompany is included in an independent VLAN to dynamically change theVLAN configuration according to server allocation, thereby holdingsecurity of each user. Further, network bandwidth dynamic configurationchange copes with the increased network load of the data center so thatthe user can execute a necessary process without delay.

[0170] When the storage resources are shared by all the computers andthe computer resource allocation is changed, the access right checkbased on the configuration of a VLAN and a storage network configuredfor each user is done. Security between the users can be maintained.

[0171] Furthermore, the present invention provides charging methods asdefined by the following points:

[0172] 1. A charging method to each user in a computer system having aplurality of computers interconnected by a local network, connectedexternally to the Internet, and connected to a storage and a storagenetwork in which at least one of the plurality of computers isconfigured for division and allocation of each computer resource so asto form a plurality of logic partitions operated by independent OSs,including a step of changing at any time the computer resourceallocation of each user according to comparison of a service levelpreviously configured for each user with the operating state of thecomputer resource; a step of basing a charge based on the operatingrecord of the computer resource of each user; and a step of charging anadditional fee depending on the presence or absence of an agreement tohold security for each user by a VPN, VLAN and zoning as an option.

[0173] 2. A charging method to each user in a computer system having aplurality of computers interconnected by a local network, connectedexternally to the Internet, and connected to a storage and a storagenetwork in which at least one of the plurality of computers isconfigured for division and allocation of each computer resource so asto form a plurality of logic partitions operated by independent OSs,including a step of independently configuring a VPN for each user on theInternet to allocate a network bandwidth to each user; and a step ofchanging at any time the network bandwidth allocation of each useraccording to comparison of a service level previously configured foreach user with the operating state of the network bandwidth andcomputing a charge based on the operating record.

[0174] 3. In the charging method of point 2, an additional fee ischarged to the use of the network bandwidth depending on the presence orabsence of an agreement to guarantee the network bandwidth used by eachuser as an option.

[0175] 4. The present invention also provides a computer resourceallocating method for allocating servers to each user in a system havinga plurality of servers interconnected by a local network, connectedexternally to the Internet, connected to a storage and a storagenetwork, and processing a request of a plurality of users, whichincludes the steps of:

[0176] configuring a VPN to each user between a user exit, a carrier andthe servers on the Internet and allocating a network bandwidth of eachuser;

[0177] dynamically changing according to a load a network bandwidthallocated to each user at the user exit, the carrier and the entry ofservers; and

[0178] making an allocation change to a user who desires a bandwidthguarantee service at making an agreement in preference to other users.

[0179] The foregoing invention has been described in terms of thepreferred embodiments and the above-mentioned points. However, thoseskilled in the art, will recognize that many variations of suchembodiments exist. Such variations are intended to be within the scopeof the present invention and the appended claims.

What is claimed is:
 1. A computer resource allocating method forallocating servers to each user in a computer system having a pluralityof servers interconnected by a local network, connected externally tothe Internet, connected to a storage and a storage network, andprocessing a request of a plurality of users, comprising: configuring,for each user, a VLAN related to connection to servers allocated to theuser and connection between the servers; monitoring a load of each ofthe servers; and when making an allocation change of said servers ofsaid user according to the monitoring result of said load, making adynamic change of the VLAN of the user who changes allocation so that acomputer allocated to each user is always included into the VLAN of theuser.
 2. The computer resource allocating method according to claim 1,wherein a VPN connecting the exit of a user and the entry of saidcomputer system via a carrier on said Internet is configured for eachuser, and said VLAN configured for each user selects a packettransmitting the VLAN by VLAN tagging.
 3. The computer resourceallocating method according to claim 1, further comprising: configuringa VPN connecting the exit of a user and the entry of said computersystem via a carrier on said Internet to each user; monitoring at leasta network load of the VPN configured for each user at the entry of saidcomputer system; and making a change of the VPN configuration so as tochange a network bandwidth according to the monitoring result of saidload.
 4. The computer resource allocating method according to claim 3,further comprising: configuring zoning for each user by said storagenetwork; making an allocation of a storage access bandwidth resource toeach user; and dynamically changing the storage network bandwidth andLUN access priority according to a load of the storage network of eachuser.
 5. The computer resource allocating method according to claim 4,wherein when a load to the network and server with respect to theresource divided to a user is increased, a change is made in the orderof the resource allocation of the storage network part, the VLAN partconfiguration and the VPN part configuration.
 6. The computer resourceallocating method according to claim 4, wherein when a load to thenetwork and server with respect to the resource divided to a user isdecreased, a change is made in the order of the VPN part configuration,the VLAN part configuration, and the resource allocation of the storagenetwork part.
 7. The computer resource allocating method according toclaim 1, wherein when making a server allocation change to a user in thecase of increasing a load of the server with respect to the resourcedivided to the user, a server allocating process to the user isperformed, and thereafter, a VLAN part changing process is performedstepwise in the order of the switch on the storage side and the switchof the entry of the servers.
 8. The computer resource allocating methodaccording to claim 3, wherein a network load of each user is monitoredin at least one of positions of the user exit, the carrier and the entryof the servers, the monitoring result is judged by a managing server insaid computer system, and the managing server in said computer systemissues a dynamic change instruction to a network bandwidth of each ofthe positions.
 9. The computer resource allocating method according toclaim 3, wherein when said carrier and said computer system are managedin the same managing server, a network load of each user is monitored atthe user exit and the carrier entry, and a network bandwidth in eachmeasuring position is changed dynamically.
 10. The computer resourceallocating method according to claim 3, wherein when making a networkbandwidth additional allocation change to a certain user in the case ofincreasing a network load of the Internet with respect to the user, achange of the VPN part configuration is made in the order of the entryof said computer system, the carrier and the user.
 11. The computerresource allocating method according to claim 3, wherein when making anetwork bandwidth reduction change to a certain user in the case ofincreasing a network load of the Internet with respect to the user, achange of the VPN part configuration is made in the order of the user,the carrier and the entry of said computer system.
 12. The computerresource allocating method according to claim 4, wherein when saidstorage network load is increased, a change of the storage networkconfiguration is made in the order of the LUN access priority and thestorage network bandwidth.
 13. The computer resource allocating methodaccording to claim 4, wherein when said storage network load isdecreased, a change of the storage network configuration is madestepwise in the order of the storage network bandwidth and the LUNaccess priority.
 14. A computer resource allocating method used in acomputer system having a plurality of computers interconnected by alocal network, connected externally to the Internet, and connected to astorage and a storage network in which at least one of said plurality ofcomputers is configured for division and allocation of each computerresource so as to form a plurality of logic partitions operated byindependent OSs, comprising: independently configuring a VPN for eachuser on said Internet to allocate a network bandwidth to each user;independently making an allocation of a logic partition to each user inthe computer forming said plurality of logic partitions; configuring aVLAN for each user with respect to connection to a logic partitionallocated to each user and connection of the logic partitions allocatedto each user; and making a selection, in each VLAN, of a packettransmitting the VLAN by VLAN tagging.
 15. The computer resourceallocating method according to claim 14, wherein said storage networkconfigures zoning for each user corresponding to the logic partition ofthe computer so as to hold security of the user from the computer to thestorage resource.
 16. A charging method for charging to each user in asystem having a plurality of servers interconnected by a local network,connected externally to the Internet, connected to a storage and astorage network, and processing a request of a plurality of users,comprising: configuring, for each user, a VLAN related to connection toservers allocated to the user and connection between the servers; andchanging server allocation of each user at any time according tocomparison of a service level previously configured for each user withthe operating state of the servers allocated to the user and chargingaccording to the allocating record of the servers.
 17. The chargingmethod according to claim 16, further comprising changing at any timethe storage network bandwidth allocation of each user or the accesspriority of the storage according to comparison of the service levelconfigured for each user with the operating state of the storagenetwork, wherein a charge is calculated based on the operating record ofthe storage network.
 18. The charging method according to claim 16,further comprising changing at any time the network bandwidth allocationof each user according to comparison of a service level configured foreach user with the operating state of the network, wherein a charge iscalculated based on the operating record of the network.
 19. Thecharging method according to claim 16, wherein upon a charge based onthe operating record of the server of each user, when there is anagreement to hold security for each user by a VPN, VLAN and zoning as anoption, an additional fee is charged to a server use fee.
 20. Thecharging method according to claim 18, wherein when there is anagreement to guarantee the network bandwidth used by each user as anoption, an additional fee is charged to a network bandwidth use fee.